Gecko [ 167.86.127.34 ]

Name	Size	Permission
cli	[ DIR ]	drwxr-xr-x
client	[ DIR ]	drwxr-xr-x
config	[ DIR ]	drwxr-xr-x
fpdf	[ DIR ]	drwxr-xr-x
i18n	[ DIR ]	drwxr-xr-x
mpdf	[ DIR ]	drwxr-xr-x
pear	[ DIR ]	drwxr-xr-x
plugins	[ DIR ]	drwxr-xr-x
staff	[ DIR ]	drwxr-xr-x
upgrader	[ DIR ]	drwxr-xr-x
.MANIFEST	163.74 KB	-rw-r--r--
.htaccess	14 B	-rw-r--r--
JSON.php	33.13 KB	-rw-r--r--
PasswordHash.php	6.92 KB	-rw-r--r--
Spyc.php	31.73 KB	-rw-r--r--
UniversalClassLoader.php	8.61 KB	-rw-r--r--
ajax.admin.php	7.21 KB	-rw-r--r--
ajax.config.php	4.55 KB	-rw-r--r--
ajax.content.php	9.47 KB	-rw-r--r--
ajax.draft.php	12.72 KB	-rw-r--r--
ajax.export.php	1006 B	-rw-r--r--
ajax.filter.php	874 B	-rw-r--r--
ajax.forms.php	13.3 KB	-rw-r--r--
ajax.i18n.php	4.91 KB	-rw-r--r--
ajax.kbase.php	2.93 KB	-rw-r--r--
ajax.note.php	2.05 KB	-rw-r--r--
ajax.orgs.php	11.7 KB	-rw-r--r--
ajax.schedule.php	4.29 KB	-rw-r--r--
ajax.search.php	12.35 KB	-rw-r--r--
ajax.sequence.php	3.2 KB	-rw-r--r--
ajax.staff.php	7.84 KB	-rw-r--r--
ajax.tasks.php	30.25 KB	-rw-r--r--
ajax.thread.php	8.89 KB	-rw-r--r--
ajax.tickets.php	74 KB	-rw-r--r--
ajax.tips.php	1.66 KB	-rw-r--r--
ajax.upgrader.php	2.24 KB	-rw-r--r--
ajax.users.php	17.8 KB	-rw-r--r--
api.cron.php	909 B	-rw-r--r--
api.tickets.php	8.26 KB	-rw-r--r--
class.ajax.php	1.42 KB	-rw-r--r--
class.api.php	13.14 KB	-rw-r--r--
class.app.php	1.47 KB	-rw-r--r--
class.attachment.php	6.87 KB	-rw-r--r--
class.auth.php	43.91 KB	-rw-r--r--
class.avatar.php	6.43 KB	-rw-r--r--
class.banlist.php	2.54 KB	-rw-r--r--
class.base32.php	4.06 KB	-rw-r--r--
class.businesshours.php	6.72 KB	-rw-r--r--
class.canned.php	8.58 KB	-rw-r--r--
class.captcha.php	1.73 KB	-rw-r--r--
class.category.php	11.04 KB	-rw-r--r--
class.charset.php	3.4 KB	-rw-r--r--
class.cli.php	9.48 KB	-rw-r--r--
class.client.php	15.02 KB	-rw-r--r--
class.collaborator.php	5.44 KB	-rw-r--r--
class.company.php	2.65 KB	-rw-r--r--
class.config.php	58.51 KB	-rw-r--r--
class.cron.php	3.54 KB	-rw-r--r--
class.crypto.php	18.96 KB	-rw-r--r--
class.csrf.php	2.36 KB	-rw-r--r--
class.dept.php	32.39 KB	-rw-r--r--
class.dispatcher.php	6.72 KB	-rw-r--r--
class.draft.php	6.25 KB	-rw-r--r--
class.dynamic_forms.php	62.12 KB	-rw-r--r--
class.email.php	18.09 KB	-rw-r--r--
class.error.php	1.69 KB	-rw-r--r--
class.export.php	31.8 KB	-rw-r--r--
class.faq.php	15.05 KB	-rw-r--r--
class.file.php	32.41 KB	-rw-r--r--
class.filter.php	27.75 KB	-rw-r--r--
class.filter_action.php	20.27 KB	-rw-r--r--
class.format.php	40.68 KB	-rw-r--r--
class.forms.php	183.13 KB	-rw-r--r--
class.http.php	5.52 KB	-rw-r--r--
class.i18n.php	24.2 KB	-rw-r--r--
class.import.php	6.44 KB	-rw-r--r--
class.json.php	2.69 KB	-rw-r--r--
class.knowledgebase.php	5.8 KB	-rw-r--r--
class.list.php	41.85 KB	-rw-r--r--
class.lock.php	4.05 KB	-rw-r--r--
class.log.php	1.54 KB	-rw-r--r--
class.mailer.php	24.05 KB	-rw-r--r--
class.mailfetch.php	37.24 KB	-rw-r--r--
class.mailparse.php	26.7 KB	-rw-r--r--
class.message.php	6.4 KB	-rw-r--r--
class.migrater.php	5.2 KB	-rw-r--r--
class.misc.php	8.15 KB	-rw-r--r--
class.model.php	2.3 KB	-rw-r--r--
class.nav.php	14.14 KB	-rw-r--r--
class.note.php	2.39 KB	-rw-r--r--
class.organization.php	22.44 KB	-rw-r--r--
class.orm.php	119.54 KB	-rw-r--r--
class.osticket.php	18.8 KB	-rw-r--r--
class.ostsession.php	9.82 KB	-rw-r--r--
class.page.php	10.65 KB	-rw-r--r--
class.pagenate.php	5.13 KB	-rw-r--r--
class.passwd.php	1.19 KB	-rw-r--r--
class.pdf.php	3.62 KB	-rw-r--r--
class.plugin.php	23.89 KB	-rw-r--r--
class.priority.php	1.81 KB	-rw-r--r--
class.queue.php	102.01 KB	-rw-r--r--
class.report.php	11.47 KB	-rw-r--r--
class.role.php	11.12 KB	-rw-r--r--
class.schedule.php	46.03 KB	-rw-r--r--
class.search.php	56.26 KB	-rw-r--r--
class.sequence.php	7.27 KB	-rw-r--r--
class.setup.php	3.55 KB	-rw-r--r--
class.signal.php	4.16 KB	-rw-r--r--
class.sla.php	8.64 KB	-rw-r--r--
class.staff.php	52.41 KB	-rw-r--r--
class.task.php	49.97 KB	-rw-r--r--
class.team.php	12.01 KB	-rw-r--r--
class.template.php	23.33 KB	-rw-r--r--
class.thread.php	107.11 KB	-rw-r--r--
class.thread_actions.php	17.08 KB	-rw-r--r--
class.ticket.php	162.72 KB	-rw-r--r--
class.timezone.php	21.94 KB	-rw-r--r--
class.topic.php	19.07 KB	-rw-r--r--
class.translation.php	34.38 KB	-rw-r--r--
class.upgrader.php	13.54 KB	-rw-r--r--
class.user.php	42.45 KB	-rw-r--r--
class.usersession.php	4.99 KB	-rw-r--r--
class.util.php	8.01 KB	-rw-r--r--
class.validator.php	12.05 KB	-rw-r--r--
class.variable.php	11.93 KB	-rw-r--r--
class.xml.php	3.23 KB	-rw-r--r--
class.yaml.php	1.16 KB	-rw-r--r--
htmLawed.php	53.53 KB	-rw-r--r--
html2text.php	33.63 KB	-rw-r--r--
index.php	37 B	-rw-r--r--
mysqli.php	8.55 KB	-rw-r--r--
ost-config.php	5.61 KB	-rw-r--r--
ost-sampleconfig.php	5.62 KB	-rw-r--r--
tnef_decoder.php	19.82 KB	-rw-r--r--

Code Editor : ajax.staff.php

<?php

require_once(INCLUDE_DIR . 'class.staff.php');

class StaffAjaxAPI extends AjaxController {

/**
   * Ajax: GET /staff/<id>/set-password
   *
   * Uses a dialog to add a new department
   *
   * Returns:
   * 200 - HTML form for addition
   * 201 - {id: <id>, name: <name>}
   *
   * Throws:
   * 403 - Not logged in
   * 403 - Not an administrator
   * 404 - No such agent exists
   */
  function setPassword($id) {
      global $ost, $thisstaff;

if (!$thisstaff)
          Http::response(403, 'Agent login required');
      if (!$thisstaff->isAdmin())
          Http::response(403, 'Access denied');
      if ($id && !($staff = Staff::lookup($id)))
          Http::response(404, 'No such agent');

$form = new PasswordResetForm($_POST);
      $errors = array();
      if (!$_POST && isset($_SESSION['new-agent-passwd']))
          $form->data($_SESSION['new-agent-passwd']);

if ($_POST && $form->isValid()) {
          $clean = $form->getClean();
          try {
              // Validate password
              PasswordPolicy::checkPassword($clean['passwd1'], null);
              if ($id == 0) {
                  // Stash in the session later when creating the user
                  $_SESSION['new-agent-passwd'] = $clean;
                  Http::response(201, 'Carry on');
              }
              if ($clean['welcome_email']) {
                  $staff->sendResetEmail();
              }
              else {
                  $staff->setPassword($clean['passwd1'], null);
                  if ($clean['change_passwd'])
                      $staff->change_passwd = 1;
              }
              if ($staff->save())
                  Http::response(201, 'Successfully updated');
          }
          catch (BadPassword $ex) {
              $passwd1 = $form->getField('passwd1');
              $passwd1->addError($ex->getMessage());
          }
          catch (PasswordUpdateFailed $ex) {
              $errors['err'] = __('Password update failed:').' '.$ex->getMessage();
          }
      }

$title = __("Set Agent Password");
      $verb = $id == 0 ? __('Set') : __('Update');
      $path = ltrim($ost->get_path_info(), '/');

include STAFFINC_DIR . 'templates/quick-add.tmpl.php';
  }

function changePassword($id) {
        global $cfg, $ost, $thisstaff;

if (!$thisstaff)
            Http::response(403, 'Agent login required');
        if (!$id || $thisstaff->getId() != $id)
            Http::response(404, 'No such agent');

$form = new PasswordChangeForm($_POST);
        $errors = array();

if ($_POST && $form->isValid()) {
            $clean = $form->getClean();
            if (($rtoken = $_SESSION['_staff']['reset-token'])) {
                $_config = new Config('pwreset');
                if ($_config->get($rtoken) != $thisstaff->getId())
                    $errors['err'] =
                        __('Invalid reset token. Logout and try again');
                elseif (!($ts = $_config->lastModified($rtoken))
                        && ($cfg->getPwResetWindow() < (time() - strtotime($ts))))
                    $errors['err'] =
                        __('Invalid reset token. Logout and try again');
            }
            if (!$errors) {
                try {
                    $thisstaff->setPassword($clean['passwd1'], @$clean['current']);
                    if ($thisstaff->save()) {
                        if ($rtoken) {
                            $thisstaff->cancelResetTokens();
                            Http::response(200, $this->encode(array(
                                'redirect' => 'index.php'
                            )));
                        }
                        Http::response(201, 'Successfully updated');
                    }
                }
                catch (BadPassword $ex) {
                    $passwd1 = $form->getField('passwd1');
                    $passwd1->addError($ex->getMessage());
                }
                catch (PasswordUpdateFailed $ex) {
                    $errors['err'] = __('Password update failed:').' '.$ex->getMessage();
                }
            }
        }

$title = __("Change Password");
        $verb = __('Update');
        $path = ltrim($ost->get_path_info(), '/');

include STAFFINC_DIR . 'templates/quick-add.tmpl.php';
    }

function getAgentPerms($id) {
        global $thisstaff;

if (!$thisstaff)
            Http::response(403, 'Agent login required');
        if (!$thisstaff->isAdmin())
            Http::response(403, 'Access denied');
        if (!($staff = Staff::lookup($id)))
            Http::response(404, 'No such agent');

return $this->encode($staff->getPermissionInfo());
    }

function resetPermissions() {
        global $ost, $thisstaff;

if (!$thisstaff)
            Http::response(403, 'Agent login required');
        if (!$thisstaff->isAdmin())
            Http::response(403, 'Access denied');

$form = new ResetAgentPermissionsForm($_POST);

if (@is_array($_GET['ids'])) {
            $perms = new RolePermission(null);
            $selected = Staff::objects()->filter(array('staff_id__in' => $_GET['ids']));
            foreach ($selected as $staff)
                // XXX: This maybe should be intersection rather than union
                $perms->merge($staff->getPermission());
            $form->getField('perms')->setValue($perms->getInfo());
        }

if ($_POST && $form->isValid()) {
            $clean = $form->getClean();
            Http::response(201, $this->encode(array('perms' => $clean['perms'])));
        }

$title = __("Reset Agent Permissions");
        $verb = __("Continue");
        $path = ltrim($ost->get_path_info(), '/');

include STAFFINC_DIR . 'templates/reset-agent-permissions.tmpl.php';
    }

function changeDepartment() {
        global $ost, $thisstaff;

if (!$thisstaff)
            Http::response(403, 'Agent login required');
        if (!$thisstaff->isAdmin())
            Http::response(403, 'Access denied');

$form = new ChangeDepartmentForm($_POST);

// Preselect reasonable dept and role based on the current  settings
        // of the received staff ids
        if (@is_array($_GET['ids'])) {
            $dept_id = null;
            $role_id = null;
            $selected = Staff::objects()->filter(array('staff_id__in' => $_GET['ids']));
            foreach ($selected as $staff) {
                if (!isset($dept_id)) {
                    $dept_id = $staff->dept_id;
                    $role_id = $staff->role_id;
                }
                elseif ($dept_id != $staff->dept_id)
                    $dept_id = 0;
                elseif ($role_id != $staff->role_id)
                    $role_id = 0;
            }
            $form->getField('dept_id')->setValue($dept_id);
            $form->getField('role_id')->setValue($role_id);
        }

if ($_POST && $form->isValid()) {
            $clean = $form->getClean();
            Http::response(201, $this->encode($clean));
        }

$title = __("Change Primary Department");
        $verb = __("Continue");
        $path = ltrim($ost->get_path_info(), '/');

include STAFFINC_DIR . 'templates/quick-add.tmpl.php';
    }

function setAvatar($id) {
        global $thisstaff;

if (!$thisstaff)
            Http::response(403, 'Agent login required');
        if ($id != $thisstaff->getId() && !$thisstaff->isAdmin())
            Http::response(403, 'Access denied');
        if ($id == $thisstaff->getId())
            $staff = $thisstaff;
        else
            $staff = Staff::lookup((int) $id);

if (!($avatar = $staff->getAvatar()))
            Http::response(404, 'User does not have an avatar');

if ($code = $avatar->toggle())
          return $this->encode(array(
            'img' => (string) $avatar,
            // XXX: This is very inflexible
            'code' => $code,
          ));
    }
}

${this.title}

Code Editor : ajax.staff.php